From 96d4ed77cd0068b9e12bc32f1694d70af42837e3 Mon Sep 17 00:00:00 2001 From: "Tristan B. Velloza Kildaire" Date: Wed, 21 Dec 2022 13:46:47 +0200 Subject: [PATCH 1/2] Routing - Added section on `kernel` protocol to BIRD section --- docs/routing/bird.md | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/docs/routing/bird.md b/docs/routing/bird.md index 1a47647..76eaef3 100644 --- a/docs/routing/bird.md +++ b/docs/routing/bird.md @@ -115,8 +115,6 @@ TODO: Add a check about not installing RTD_UNREACHABLEs which babel will generat ### Direct protocol -TODO: fix/finish this section - This provides BIRD with a manner of picking up the `subnet/prefix` pair that is assigned to local interfaces such that these can be imported into BIRD and later advertised. ``` @@ -127,11 +125,31 @@ protocol direct crxnDirect table crxn; import filter crxnFilter; }; - # Interfaces to find neighbours on + + # Interfaces to find neighbors on interface "eth*"; } ``` +### Kernel protocol + +We need to sync the routes from the BIRD routing table `crxn` to the actual kernel's routing table such that it can be used in forwarding decisions. This is accomplished with the following declaration: + +``` +protocol kernel crxnKernel +{ + ipv6 { + # bird's crxn table -> kernel + table crxn; + export filter crxnFilter; + }; + + persist; +} +``` + +1. The `persist` option means that when BIRD exits it will not flush the routing table. This is useful if you want to do maintenance and still want to allow forwarding of traffic for a little while (of course other routers may expire routes to you but at least not that fast) + --- Old stuff below WIP): From 37f45918da5413c65c79ac9af938d3f552406d55 Mon Sep 17 00:00:00 2001 From: "Tristan B. Velloza Kildaire" Date: Wed, 21 Dec 2022 13:56:42 +0200 Subject: [PATCH 2/2] Tunneling - Added `float yes` to peer configuration --- docs/tunneling/fastd.md | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/docs/tunneling/fastd.md b/docs/tunneling/fastd.md index b2d0a51..8d1956c 100644 --- a/docs/tunneling/fastd.md +++ b/docs/tunneling/fastd.md @@ -47,6 +47,7 @@ peer "" remote "" port ; key ""; interface ""; + float yes; } ``` @@ -94,6 +95,9 @@ Now we need to fill in the peer details of the node you are connecting to: 5. `""` * Set this to your peer's public key +> The `float yes` is to allow the peer with the provided public key to connect to you using a source address **other** than the one specified (as fastd does authenticate against that). [Read more](https://fastd.readthedocs.io/en/stable/manual/config.html#main-configuration). + + The last thing to configure now is to rise the interface up when fastd starts (as it normally doesn't rise it for you), all occurences of `` here should match the one in the `interface ;` declaration as shown earlier. ### Starting and maintaining the daemon
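
Review bot: In docs/routing/bird.md, hunk `@@ -115,8 +115,6 @@`, the `TODO: fix/finish this section` marker under "Direct protocol" is removed, but the only other change this patch makes to that section is a comment spelling (`neighbours` to `neighbors`), and the commit subject mentions only the `kernel` protocol. If the Direct section is now considered complete, say so in the commit message; otherwise keep the TODO until the section is actually finished.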
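
Review bot: In the new "Kernel protocol" section (docs/routing/bird.md, hunk `@@ -127,11 +125,31 @@`), the note on `persist` documents only the benefit and leaves out the cost. Because BIRD does not flush its routes on exit, the kernel keeps forwarding on entries that nothing is updating or withdrawing any more, so the text should tell the reader that these routes go stale while BIRD is down and how long that is acceptable. The note is also a numbered list with a single item `1.` and no closing full stop; a plain paragraph would read better. Separately, the block uses `export filter crxnFilter;` while the TODO visible in the first hunk's header context, about not installing the unreachable routes babel generates, is still open; state here whether `crxnFilter` covers that case for the kernel export.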
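
Review bot: In docs/tunneling/fastd.md, hunk `@@ -47,6 +47,7 @@`, `float yes;` is added to the peer template unconditionally, so every peer block copied from this page will accept that key from any source address rather than only from the configured `remote`. Present it as optional instead, for example as a commented-out line with a short remark that it is for peers whose address changes, so readers with fixed-address peers keep the stricter default.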
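
Review bot: In docs/tunneling/fastd.md, hunk `@@ -94,6 +95,9 @@`, the added blockquote is ambiguous at "(as fastd does authenticate against that)": "that" can be read as either the source address or the public key, and the two readings give opposite impressions of what `float yes` relaxes. Reword it so it says explicitly that the address check against `remote` is what gets loosened and that the peer must still present the configured key. The "Read more" link also points at the `#main-configuration` anchor although the option is shown inside a `peer` block; link to the manual's peer configuration section instead. The hunk adds two blank lines after the blockquote where one is enough.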